ID

VAR-201904-0612


CVE

CVE-2018-13297


TITLE

Synology Drive vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-015169

DESCRIPTION

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. Synology Drive is a collaborative office suite developed by Synology, a Taiwan-based company. The product includes functions such as document management, collaborative office work, and file synchronization and backup. This vulnerability is caused by errors in the configuration of the network system or product during operation.

Trust: 1.71

sources: NVD: CVE-2018-13297 // JVNDB: JVNDB-2018-015169 // VULHUB: VHN-123342

AFFECTED PRODUCTS

vendor: synology, model: drive server, scope: lt, version: 1.1.2-10562

Trust: 1.0

vendor: synology, model: drive, scope: lt, version: 1.1.2-10562

Trust: 0.8

sources: JVNDB: JVNDB-2018-015169 // NVD: CVE-2018-13297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13297
value: MEDIUM

Trust: 1.0

security@synology.com: CVE-2018-13297
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-13297
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-014
value: MEDIUM

Trust: 0.6

VULHUB: VHN-123342
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13297
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-123342
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13297
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-123342 // JVNDB: JVNDB-2018-015169 // CNNVD: CNNVD-201904-014 // NVD: CVE-2018-13297 // NVD: CVE-2018-13297

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-123342 // JVNDB: JVNDB-2018-015169 // NVD: CVE-2018-13297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-014

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-014

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015169

PATCH

title: Synology-SA-18:50 Drive, url: https://www.synology.com/ja-jp/security/advisory/Synology_SA_18_50

Trust: 0.8

title: Synology Drive Repair measures for information disclosure vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90930

Trust: 0.6

sources: JVNDB: JVNDB-2018-015169 // CNNVD: CNNVD-201904-014

EXTERNAL IDS

db: NVD, id: CVE-2018-13297

Trust: 2.5

db: JVNDB, id: JVNDB-2018-015169

Trust: 0.8

db: CNNVD, id: CNNVD-201904-014

Trust: 0.7

db: VULHUB, id: VHN-123342

Trust: 0.1

sources: VULHUB: VHN-123342 // JVNDB: JVNDB-2018-015169 // CNNVD: CNNVD-201904-014 // NVD: CVE-2018-13297

REFERENCES

url: https://www.synology.com/security/advisory/synology_sa_18_50

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2018-13297

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13297

Trust: 0.8

sources: VULHUB: VHN-123342 // JVNDB: JVNDB-2018-015169 // CNNVD: CNNVD-201904-014 // NVD: CVE-2018-13297

SOURCES

db: VULHUB, id: VHN-123342
db: JVNDB, id: JVNDB-2018-015169
db: CNNVD, id: CNNVD-201904-014
db: NVD, id: CVE-2018-13297

LAST UPDATE DATE

2024-11-23T22:21:43.448000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-123342, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-015169, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-014, date: 2019-04-04T00:00:00
db: NVD, id: CVE-2018-13297, date: 2024-11-21T03:46:47.210

SOURCES RELEASE DATE

db: VULHUB, id: VHN-123342, date: 2019-04-01T00:00:00
db: JVNDB, id: JVNDB-2018-015169, date: 2019-05-09T00:00:00
db: CNNVD, id: CNNVD-201904-014, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-13297, date: 2019-04-01T15:29:00.827